diff options
author | Benoit Foucher <benoit@zeroc.com> | 2006-05-11 08:47:13 +0000 |
---|---|---|
committer | Benoit Foucher <benoit@zeroc.com> | 2006-05-11 08:47:13 +0000 |
commit | c5fe8c1db278af2d6f1d172e0c9e9fcd6f509b7c (patch) | |
tree | 50ac9405a24d251fb4ba2539ee0f6a8cf7f95480 /cpp/src/IceGrid/Activator.cpp | |
parent | Fixed XML writing (diff) | |
download | ice-c5fe8c1db278af2d6f1d172e0c9e9fcd6f509b7c.tar.bz2 ice-c5fe8c1db278af2d6f1d172e0c9e9fcd6f509b7c.tar.xz ice-c5fe8c1db278af2d6f1d172e0c9e9fcd6f509b7c.zip |
Added support for setting user under which the process should run.
Diffstat (limited to 'cpp/src/IceGrid/Activator.cpp')
-rw-r--r-- | cpp/src/IceGrid/Activator.cpp | 57 |
1 files changed, 55 insertions, 2 deletions
diff --git a/cpp/src/IceGrid/Activator.cpp b/cpp/src/IceGrid/Activator.cpp index 4bf9fed248a..bea536fbb49 100644 --- a/cpp/src/IceGrid/Activator.cpp +++ b/cpp/src/IceGrid/Activator.cpp @@ -25,6 +25,7 @@ #ifndef _WIN32 # include <sys/wait.h> # include <signal.h> +# include <pwd.h> // for getpwnam #endif using namespace std; @@ -76,8 +77,12 @@ reportChildError(int err, int fd, const char* cannot, const char* name) strcpy(msg, cannot); strcat(msg, " `"); strcat(msg, name); - strcat(msg, "': "); - strcat(msg, strerror(err)); + strcat(msg, "'"); + if(err) + { + strcat(msg, ": "); + strcat(msg, strerror(err)); + } write(fd, msg, strlen(msg)); close(fd); @@ -339,6 +344,7 @@ int Activator::activate(const string& name, const string& exePath, const string& pwdPath, + const string& user, const Ice::StringSeq& options, const Ice::StringSeq& envs, const ServerIPtr& server) @@ -447,6 +453,30 @@ Activator::activate(const string& name, // Activate and create. // #ifdef _WIN32 + + if(!user.empty()) + { + vector<char> buf(256); + buf.resize(256); + DWORD size = buf.size(); + bool success = GetUserName(&buf[0], &size) + if(!success && GetLastError() == ERROR_INSUFFICIENT_BUFFER) + { + buf.resize(size); + success = GetUserName(&buf[0], &size); + } + if(!success) + { + SyscallException ex(__FILE__, __LINE__); + ex.error = getSystemErrno(); + throw ex; + } + if(user != string(&buf[0])) + { + throw "can't run `" + name + "' under user account `" + user + "'"; + } + } + // // Compose command line. // @@ -652,6 +682,29 @@ Activator::activate(const string& name, // // + // Change the user under which the process will run if a + // specific user is set. + // + if(!user.empty()) + { + struct passwd* pw = getpwnam(user.c_str()); + if(!pw) + { + reportChildError(0, fds[1], "unknown user", user.c_str()); + } + + if(setgid(pw->pw_gid) == -1) + { + reportChildError(getSystemErrno(), fds[1], "cannot set process group id for user", user.c_str()); + } + + if(setuid(pw->pw_uid) == -1) + { + reportChildError(getSystemErrno(), fds[1], "cannot set process user id for user", user.c_str()); + } + } + + // // Assign a new process group for this process. // setpgid(0, 0); |